1. Field of the Invention
The present invention relates to a deployed cryptographic application in a distributed computing environment. More specifically, a stream cipher encryption algorithm accelerator and methods of use thereof is described.
2. Description of the Prior Art
Electronic Commerce (e-commerce) is not possible if the parties cannot authenticate each other or if the transaction can be altered by some malicious third party. Accordingly, there is a large body of experience in developing and deploying encryption applications, especially in the HTML/HTTP browser/server markets. One such application is referred to as “RC4” which is a trademark of RSA Security Inc of Redwood City, Calif. RC4™ is a secure, variable key-size stream cipher with byte-oriented operations. The RC4™ algorithm is based on the use of a random permutation having a period that is overwhelmingly likely to be greater than 10100. Typically, eight to sixteen machine operations are required per output byte. More specifically, RC4™ uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table. The state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext. Each element in the state table is swapped at least once.
For seven years, RC4™ was proprietary and details of the algorithm were only available after signing a nondisclosure agreement. However, in September, 1994 someone anonymously posted source code (referred to as “Alleged RC4”, or more commonly referred to as ARCFOUR) to a user group mailing list. ARCFOUR quickly spread to various Usenet newsgroups and, ultimately, via the Internet to ftp sites around the world. Readers with legal copies of RC4 confirmed compatibility between ARCFOUR and RC4™ owned by RSA Data Security, Inc. which tried unsuccessfully to claim that ARCFOUR was a trade secret even though it was public. Consequently, ARCFOUR has become the defacto standard for online encryption and has become one of the most popular encryption algorithms in the browser market.
Currently, in order to encrypt (or decrypt) data using the ARCFOUR algorithm a central processing unit (CPU) type system 100 as illustrated in FIG. 1 is typically used. For example, the conventional system 100 includes a CPU 102 coupled to a first memory array 104 used to store a secret key(s) and a second memory array 106 used to store an incrementing pattern by way of an interface 108. The CPU 102 is also connected to a state array unit 110 and a data storage device 112, such as a register, memory device, and so on, used to store a message 114 to be, in this example, encrypted using the ARCFOUR algorithm. In order to encrypt the message 114, a process 200 as shown by the flowchart illustrated in FIG. 2 is used. First, the CPU 102 performs a mixing operation by, at 202, storing an incrementing pattern in the second memory array 106 and a secret key (or keys) in the first memory array 104. Next, at 204, the CPU 102 performs a shifting operation based upon the key values stored in the first memory array 104 and at 206 updates the state array 110 thereby completing the mixing operation. After the mixing operation is complete, the CPU 102 performs a ciphering operation at 208 on each byte of the message 112 until such time as the encrypted message is ready to be transmitted to a receiver. It should be noted that a received encrypted message is decrypted in a substantially similar manner.
Although a powerful tool for providing a secure e-commerce transaction environment, the use of a CPU based encryption/decryption system requires a substantial amount of CPU resources thereby severely restricting the CPU for other purposes. This reliance on the CPU to carry out and/or direct the many steps required to encrypt or decrypt a message greatly reduces the efficiency of any system relying upon a CPU to operate in a secure transaction environment.
Therefore what is desired is an efficient encryption accelerator and methods of use thereof that off loads most, if not all, of the encryption/decryption operations from a system CPU. In particular, the efficient encryption accelerator is most appropriate for use in a secure e-commerce transaction carried out over an unsecure network of distributed computing devices, such as the Internet.